Public key digital signatures are important for secure exchange of information between plural parties, for example between computers or mobile devices, between a smart card and a terminal, etc.
An earlier digital signature and authentication method and apparatus was described in U.S. Pat. No. 7,308,097, assigned to the same assignee as the present Application. Reference can also be made to “NTRUSign: Digital Signatures Using the NTRU Lattice”, J. Hoffstein, N. Howgrave-Graham, J. Pipher, J. Silverman, and W. Whyte, Topics in Cryptology - CT-RSA 2003, Lecture Notes in Computer Science, Vol. 2612, Springer, Berlin, 2003.
The signing technique in the '097 Patent uses a mixing system based on multiplication in a ring and reduction modulo an ideal q in that ring; while the verification technique uses special properties of products of elements whose validity depends on elementary probability theory. The security of the identification/digital signature scheme comes from the interaction of reduction modulo q and the difficulty of forming products with special properties. In an embodiment of the digital signature scheme of the '097 Patent, the security also relies on the experimentally observed fact that for most lattices, it is very difficult to find a vector whose length is only a little bit longer than the shortest vector, and it is also difficult to find a lattice vector that is quite close to a randomly chosen nonlattice vector.
An improvement over the technique of the '092 Patent, which had reduced complexity and computational requirements for key generation and signing, was disclosed in copending U.S. patent application Ser. No. 14/544,426, assigned to the same assignee as the present Application, published as U.S. Patent Application Publication No. US2015/0229478, incorporated herein by reference. In a form of that invention, sometimes referred to as “pqNTRUSign” (mark of Security Innovation, Inc.), a method is set forth for signing and subsequently verifying a digital message, comprising the following steps implemented using at least one processor-based subsystem: selecting parameters including an integer q and a relatively smaller integer p that is coprime with q; generating random polynomial f relating to p and random polynomial g relating to q; producing a public key that includes h, where h is equal to a product that can be derived using g and the inverse of f mod q; producing a private key from which f and g can be derived; storing the private key and publishing the public key; producing a message digest by applying a hash function to the digital message; producing a digital signature using the message digest and the private key; and performing a verification procedure utilizing the digital signature and the public key to determine whether the signature is valid.
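The key-generation steps listed above (choose q and a smaller coprime p, draw f and g, publish h as g times the inverse of f mod q) can be sketched as follows; this is an added illustration, not code from the cited application. The ring Z_q[x]/(x^N - 1), the toy sizes, the prime q, the ternary coefficients, the modelling of "f relating to p" as f = p·F, and all function names are assumptions, and signing and verification are left out because the text gives no detail on them.

```python
import math
import random

N, Q, P = 11, 257, 3          # toy sizes (assumed); Q is prime so Z_Q is a field
assert math.gcd(P, Q) == 1    # p must be coprime with q

def conv(a, b, mod):
    """Product a*b in Z_mod[x]/(x^N - 1), i.e. cyclic convolution."""
    out = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[(i + j) % N] = (out[(i + j) % N] + ai * bj) % mod
    return out

def invert(f, mod):
    """Return u with f*u = 1 in the ring, or None when f has no inverse.
    Solves the circulant system M u = e_0 by Gauss-Jordan elimination."""
    rows = [[f[(i - j) % N] % mod for j in range(N)] + [int(i == 0)]
            for i in range(N)]
    for col in range(N):
        piv = next((r for r in range(col, N) if rows[r][col]), None)
        if piv is None:
            return None       # singular matrix: f is a zero divisor mod q
        rows[col], rows[piv] = rows[piv], rows[col]
        inv = pow(rows[col][col], -1, mod)
        rows[col] = [x * inv % mod for x in rows[col]]
        for r in range(N):
            if r != col and rows[r][col]:
                k = rows[r][col]
                rows[r] = [(x - k * y) % mod
                           for x, y in zip(rows[r], rows[col])]
    return [rows[i][N] for i in range(N)]

def keygen(seed):
    """Return ((f, g), h) with h = g * f^-1 mod q."""
    rng = random.Random(seed)  # reproducible demo only; real keys need a CSPRNG
    while True:
        F = [rng.choice((-1, 0, 1)) for _ in range(N)]
        g = [rng.choice((-1, 0, 1)) for _ in range(N)]
        f = [P * c for c in F]         # assumption: f = p*F
        f_inv = invert(f, Q)
        if f_inv is not None:          # resample when f is not invertible
            return (f, g), conv(g, f_inv, Q)

if __name__ == "__main__":
    (f, g), h = keygen(1)
    print("public h =", h)
    print("f*h == g (mod q):", conv(f, h, Q) == [c % Q for c in g])
```

The resampling loop matters in practice: any f whose coefficients sum to zero mod q shares the factor x - 1 with x^N - 1 and has no inverse, so key generation must detect that case rather than publish a malformed h.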
It is among the objectives hereof to devise a digital signature method and system that has advantages over existing digital signature techniques, including those of the type described hereinabove.